Information Systems and Computing's Networking organization is
responsible for the operation of PennNet (Penn's data networks) and
therefore has the authority and responsibility to specify
requirements for any devices connecting to PennNet. This authority
extends to the device type in the case of networking electronics
such as a router, repeater, or switch. It also extends to certain
configuration parameters of a device that could adversely impact
other parts of the network.

III. Executive Summary

This policy specifies the conditions under which an Ethernet
switch may be connected to a PennNet wallplate. It also provides
"best practice" recommendations to guide the network user in
deploying switches appropriately.

IV. Purpose

The purpose of this policy is to identify the locations and
circumstances in which an Ethernet switch may be connected to a
PennNet wallplate. While multi-port Ethernet switches can be
convenient in providing access to multiple networked devices in
locations where only one PennNet wallplate port is available, use
of switches in certain situations can cause significant problems
(see V. Risk of Non-compliance). This policy allows the network
user to take advantage of the convenience of multi-port switches in
cases where doing so will not adversely affect the provision of
network service to others.

V. Risk of Non-compliance

Improper use of switches can cause significant problems (poor
performance, communication failure, etc.) for other users of
PennNet. Additionally, it can make troubleshooting the network more
difficult and time consuming.

Restrictions on the use of Ethernet switches apply to all
standard PennNet wallplates in locations where ISC N&T provides
support.
Network wallplates that are provided and supported by
organizations other than the University's central networking
organization may not be covered directly by this policy. Network users
are advised to check with their local LSP if uncertain.

VII. Statement of policy

ISC Networking provides support up to the wallplate only, and
therefore will not be responsible for the operation of the switch
or any local associated wiring with the LAN(s)
unless installed by ISC Networking for specific temporary purposes,
such as traffic profiling or troubleshooting.

Remote network access (i.e. any access other than from the console)
to privileged accounts (e.g. root, Administrator) must use Strong
Authentication by no later than July 1, 2005.

Switches cannot be connected to more than one point on the
PennNet side of the demarcation point as this may have negative
service implications within the building network
(eg, broadcast storms).

The switch and all associated station wiring must remain in the
same room with the physical wallplate.

VIII. Recommendations and Best Practices

The following related practices are strongly recommended by ISC
Networking, towards a more efficient network.

All available data ports on wallplates should be activated for
PennNet service and put to use before the network user resorts to
the use of a switch on that wallplate. Use of wallplate ports
rather than switch ports will provide the user with more bandwidth,
lower contention, and more advanced features that will become
increasingly important as new applications are deployed.

Switches connected to PennNet wallpates should connect no more
than twelve (12) devices to a PennNet port connected at 100mbs.
Building networks are designed to maximize efficiency and
performance based on certain assumptions about network node and
traffic density.

Associated wiring should be kept out of walking paths to reduce
risks of accident.

The use of switches should not be specified or substituted into
a building (re)wiring design, such as in an attempt to reduce the
number of wire pulls to a location or office.
If there is a need for larger
networking coverage areas, consult with ISC N&T before any
wiring begins.

Where new wiring centers and pathways are being provided as part
of a construction project, an opportunity to install new wiring
should always be taken. ISC Networking is responsible
for managing all new wiring installations.

To minimize points of failure or compromise,
critical hosts should be directly connected to a PennNet
wallplate.

IX. Compliance

A. Verification: ISC Networking does not plan to actively
police the network in an effort to discover non-compliant switches,
but will act on those discovered during the normal course of events
in operating and/or troubleshooting the network.

B. Notification: Notification shall be made to the LSP
for the area. Whenever possible and practical, the user of the
switch-connected node(s) will also be notified.

C. Remedy: Remedy will be the immediate removal of
out-of-compliance switches. Interim solutions to retain
connectivity may be available through
your local computing support and/or
ISC Networking.

E. Responsibility: Responsibility for remedy
lies with the network user or the users' department. In the vast majority
of cases, the area LSP will have involvement in the implementation
of the remedy.

F. Time Frame: Non-compliant connections must be remedied
immediately to reduce risk of networking failures for other network
users. Interim solutions, which may involve having the network user
rent ISC-owned equipment, should be made available by ISC
Networking (where possible and with the cooperation of the network
user) within 2 business days to allow the network user to continue
to receive service. Final solutions should be implemented within 30
days.